Did you sign the server cerficates with this ca-cert? And how did you
create the CA and the server certificates?
I personally use the CA.pl tools from openssl, this is by no means the
best way to do, but the simplest. If you follow this path, you may
have to edit openssl.cnf to meet your requirements. Then you just do
./CA.pl -newca, which creates es self signed CA
./CA.pl -newreq, this creates a host or user certficate request
./CA.pl -sign, wwhich signs the request
openssl rsa -in newreq.pem -out foo-key.pem, this removes password
from the requested certificate and creates a key file.
mv newcert.pem foo-cert.pem
./CA.pl -verify foo-cert.pem